Update roundcube to 1.1.4 including security fixes.

* Fix a potential path traversal vulnerability.
* Adds some measures against brute-force attacks

RELEASE 1.1.4
-------------
- Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
- Fix duplicate messages in list and wrong count after delete (#1490572)
- Fix so Installer requires PHP5
- Make brute force attacks harder by re-generating security token on every failed login (#1490549)
- Slow down brute-force attacks by waiting for a second after failed login (#1490549)
- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
- Fix mail view scaling on iOS (#1490551)
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
- Fix redundant blank lines when using HTML and top posting (#1490576)
- Fix redundant blank lines on start of text after html to text conversion (#1490577)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
- Fix invalid LDAP query in ACL user autocompletion (#1490591)
- Fix regression in displaying contents of message/rfc822 parts (#1490606)
- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
- Fix PDF support detection in Firefox > 19 (#1490610)
- Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)

5 files changed, 19 insertions, 14 deletions

diff --git a/mail/roundcube/Makefile b/mail/roundcube/Makefile
index 78eb6753a7e..0078bce78a2 100644
--- a/mail/roundcube/Makefile
+++ b/mail/roundcube/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.77 2015/10/29 15:54:20 prlw1 Exp $
+# $NetBSD: Makefile,v 1.78 2015/12/26 14:24:48 taca Exp $
 
-DISTNAME=	roundcubemail-1.1.3
+DISTNAME=	roundcubemail-1.1.4
 PKGNAME=	${DISTNAME:S/mail-/-/}
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=roundcubemail/}
diff --git a/mail/roundcube/PLIST b/mail/roundcube/PLIST
index e16e6c68c60..87bb0a2734b 100644
--- a/mail/roundcube/PLIST
+++ b/mail/roundcube/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.38 2015/10/29 15:54:20 prlw1 Exp $
+@comment $NetBSD: PLIST,v 1.39 2015/12/26 14:24:48 taca Exp $
 share/doc/roundcube/INSTALL
 share/doc/roundcube/LICENSE
 share/doc/roundcube/README.md
@@ -1865,6 +1865,7 @@ share/roundcube/program/localization/zh_TW/messages.inc
 share/roundcube/program/resources/blank.gif
 share/roundcube/program/resources/blank.tif
 share/roundcube/program/resources/blocked.gif
+share/roundcube/program/resources/dummy.pdf
 share/roundcube/program/steps/addressbook/copy.inc
 share/roundcube/program/steps/addressbook/delete.inc
 share/roundcube/program/steps/addressbook/edit.inc
diff --git a/mail/roundcube/distinfo b/mail/roundcube/distinfo
index 83c68af5bda..50dd2f3def4 100644
--- a/mail/roundcube/distinfo
+++ b/mail/roundcube/distinfo
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.47 2015/11/04 17:41:20 agc Exp $
+$NetBSD: distinfo,v 1.48 2015/12/26 14:24:48 taca Exp $
 
-SHA1 (roundcubemail-1.1.3.tar.gz) = 4513227bd64eb8564f056817341b1dfe478e215e
-RMD160 (roundcubemail-1.1.3.tar.gz) = e4301d85004cc5986743ef16e3c4ea2c3f8dd9fd
-SHA512 (roundcubemail-1.1.3.tar.gz) = be5d64a8d52aa623de614bc1b137ae2f74250de050de086a510114121bcb760b973f8319884395827f324371542b741b80054b90031d8814752bb018dcda2096
-Size (roundcubemail-1.1.3.tar.gz) = 3208502 bytes
+SHA1 (roundcubemail-1.1.4.tar.gz) = 4883c8bb39fadf8af94ffb09ee426cba9f8ef2e3
+RMD160 (roundcubemail-1.1.4.tar.gz) = 24f4bd093db74183132eba7ff610fcff9840541a
+SHA512 (roundcubemail-1.1.4.tar.gz) = 18c2422d65292cd13bc4ce592e8490cc0a9d3e9551ac4d188db93eb989525af7ccf519642dd2e68a7380ab0d0d4ad4f999af2b7e99da75d88274743949b42f8a
+Size (roundcubemail-1.1.4.tar.gz) = 3209549 bytes
 SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227
 SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668
-SHA1 (patch-config.inc.php) = 20a71b7fd9fbf0a1e097bd17428b9a1a2bed638d
-SHA1 (patch-rcube_mime_default) = 5cf58d8cbba63f97ddd8baaa7f1603aeff6bcb0d
+SHA1 (patch-config.inc.php) = 6652bd2aaba06e1d1dd4a02d2390aa523f54e613
+SHA1 (patch-rcube_mime_default) = fe6ff1bea0a2c4223b34e44a6d0ca76e6476d2aa
diff --git a/mail/roundcube/patches/patch-config.inc.php b/mail/roundcube/patches/patch-config.inc.php
index 7195e701519..0e0edab5184 100644
--- a/mail/roundcube/patches/patch-config.inc.php
+++ b/mail/roundcube/patches/patch-config.inc.php
@@ -1,5 +1,7 @@
-$NetBSD: patch-config.inc.php,v 1.1 2015/05/24 14:48:54 jym Exp $
+$NetBSD: patch-config.inc.php,v 1.2 2015/12/26 14:24:48 taca Exp $
+
 Add default paths for log, tmp and MIME types.
+
 --- config/config.inc.php.sample	2015-03-16 20:54:49.000000000 +0000
 +++ config/config.inc.php.sample.18555.sample
 @@ -83,3 +83,10 @@ $config['plugins'] = array(
diff --git a/mail/roundcube/patches/patch-rcube_mime_default b/mail/roundcube/patches/patch-rcube_mime_default
index a10bbf5642b..9ca85d7f3f9 100644
--- a/mail/roundcube/patches/patch-rcube_mime_default
+++ b/mail/roundcube/patches/patch-rcube_mime_default
@@ -1,8 +1,10 @@
-$NetBSD: patch-rcube_mime_default,v 1.1 2015/05/24 14:48:54 jym Exp $
+$NetBSD: patch-rcube_mime_default,v 1.2 2015/12/26 14:24:48 taca Exp $
+
 Fix path to /etc/.
---- program/lib/Roundcube/rcube_mime.php.orig	2015-03-16 20:54:50.000000000 +0000
+
+--- program/lib/Roundcube/rcube_mime.php.orig	2015-12-23 09:18:12.000000000 +0000
 +++ program/lib/Roundcube/rcube_mime.php
-@@ -807,12 +807,12 @@ class rcube_mime
+@@ -770,12 +770,12 @@ class rcube_mime
              $file_paths[] = 'C:/xampp/apache/conf/mime.types.';
          }
          else {